From: Craig Sanders (no email)
Date: Thu Nov 01 2001 - 18:17:36 EST

On Thu, Nov 01, 2001 at 03:01:14AM -0500, Greg A. Woods wrote:
> [ On Thursday, November 1, 2001 at 18:06:41 (+1100), Craig Sanders wrote: ]
> > Subject: Re: another interesting spam trick...
> >
> > the number one best way of blocking spam is to reject mail from
> > non-existent domains.
>
> What _exactly_ do you mean there? I suspect you're talking about very
> much the same thing as HELO/EHLO validation, except you're skipping
> the actual A RR check.

it means checking that the domain given in the SMTP MAIL FROM actually
exists - i.e. it resolves to an A, or MX record (for acceptance) or to
an NS record (for "4xx temporary dns failure, try again later").

from the comments in main.cf:

# reject_unknown_sender_domain: reject sender domain without A or MX record.

there are also other checks for helo/recipient domains available.

# reject_invalid_hostname: reject HELO hostname with bad syntax.
# reject_unknown_hostname: reject HELO hostname without DNS A or MX record.
# reject_unknown_recipient_domain: reject domains without A or MX record.

> If that's so, and if enough mailers start doing only the initial DNS
> lookup and rejecting on HOST_NOT_FOUND then spammers will adapt and
> start giving "aol.com", "hotmail.com", "home.com", or some other vastly
> popular name that will return some A RR or another. Real validation is
> (eventually) necessary to prevent spammers from fraudulently giving an
> incorrect (or invalid) HELO/EHLO greeting name.

the point is to force spammers to register and use their own domains
(which, of course, can then be blocked by those not wishing to receive
spam).

if spammers forge someone else's domain then they make themselves liable
to be sued (and in some jurisdictions, criminal charges apply) for
infringement of intellectual property rights and for damages caused.

it's not perfect, but misuse of another entity's trademark is a far
clearer case in court than the issue of spam.

on a practical level, it also blocks a lot of spam - e.g. if
xhd732hxhszq.com doesn't exist then there's no reason to accept mail
pretending to be from that domain.

craig

--
craig sanders

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch
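
Added example, not part of the original message and not Postfix's own code: the sender-domain decision as the message describes it (A or MX accepts, NS only or a DNS timeout gives a 4xx, nothing at all is rejected). The stub resolver, the sample zone data, the function names and the exact reply codes are assumptions made so the example runs offline.

```python
from typing import Callable, Optional, Set, Tuple

# Constructed sample DNS data (not real lookups): domain -> record types present.
ZONE = {
    "example.com": {"A", "MX", "NS"},
    "mailonly.example": {"MX", "NS"},
    "parked.example": {"NS"},          # delegated, but no A or MX
}
FLAKY = {"slow.example"}               # constructed: nameservers not answering

def stub_resolve(domain: str) -> Set[str]:
    """Offline stand-in for a DNS resolver (hypothetical helper)."""
    if domain in FLAKY:
        raise TimeoutError(domain)
    return ZONE.get(domain, set())     # empty set models a non-existent domain

def sender_domain(mail_from: str) -> Optional[str]:
    """Domain part of a MAIL FROM path; None for the null sender <>."""
    addr = mail_from.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    if not addr:
        return None
    local, at, domain = addr.rpartition("@")
    if not at or not local or not domain:
        raise ValueError("malformed sender address")
    return domain.rstrip(".").lower()

def check_sender(mail_from: str,
                 resolve: Callable[[str], Set[str]] = stub_resolve) -> Tuple[int, str]:
    """Return (SMTP reply code, reason); the codes are illustrative choices."""
    try:
        domain = sender_domain(mail_from)
    except ValueError as exc:
        return 501, str(exc)
    if domain is None:
        return 250, "null sender, nothing to look up"
    try:
        rtypes = resolve(domain)
    except TimeoutError:
        return 450, "temporary dns failure, try again later"
    if rtypes & {"A", "MX"}:
        return 250, "sender domain resolves"   # says nothing about forgery
    if "NS" in rtypes:
        return 450, "temporary dns failure, try again later"
    return 550, "sender domain does not exist"

if __name__ == "__main__":
    for sender in ("<bob@example.com>", "<x@parked.example>",
                   "<a@xhd732hxhszq.com>", "<y@slow.example>", "<>"):
        print(sender, check_sender(sender))
```

Any sender address in a domain that resolves gets a 250 here, whoever is actually sending, which is the limitation raised in the quoted reply.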